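Vulnerability Title
Cisco Firepower Threat Defense Software and Management Center Code Injection Vulnerability
Vulnerability Description
A vulnerability exists between devices running Cisco Firepower Threat Defense (FTD) Software and devices running Cisco Firepower Management Center (FMC) Software that could allow an authenticated, local attacker to execute arbitrary commands with root privileges on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by accessing the expert mode of an affected device and submitting specific commands to a connected system. If the attacker has administrative privileges on an associated FTD device, a successful exploit could allow the attacker to execute arbitrary code in the context of an FMC device. Otherwise, if the attacker has administrative privileges on an associated FMC device, a successful exploit could allow the attacker to execute arbitrary code in the context of an FTD device.
CVSS Information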
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
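Vulnerability Category
Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)
Vulnerability Title
Cisco Firepower Threat Defense Software and Cisco Firepower Management Center Code Injection Vulnerability
Vulnerability Description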
A vulnerability in the inter-device communication mechanisms between devices that are running Cisco Firepower Threat Defense (FTD) Software and devices that are running Cisco Firepower Management Center (FMC) Software could allow an authenticated, local attacker to execute arbitrary commands with root permissions on the underlying operating system of an affected device.
This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by accessing the expert mode of an affected device and submitting specific commands to a connected system. A successful exploit could allow the attacker to execute arbitrary code in the context of an FMC device if the attacker has administrative privileges on an associated FTD device. Alternatively, a successful exploit could allow the attacker to execute arbitrary code in the context of an FTD device if the attacker has administrative privileges on an associated FMC device.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
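Vulnerability Category
Improper Control of Generation of Code (Code Injection)
Vulnerability Title
Cisco Firepower Threat Defense Security Vulnerability
Vulnerability Description
Cisco Firepower Threat Defense (FTD) is a unified software suite from Cisco (USA) that provides next-generation firewall services. A security vulnerability exists in Cisco Firepower Threat Defense and Firepower Management Center. The vulnerability stems from insufficient validation of user-supplied input; an attacker could exploit it to execute arbitrary commands with root privileges on an affected device.
CVSS Information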
N/A
Vulnerability Category
Other